//package com.yao_shop.config;
//
//import org.springframework.context.annotation.Configuration;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.builders.WebSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//
//@Configuration
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true) //开启security注解
//public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
//    @Override
//    protected void configure(HttpSecurity http)throws Exception{
//        http
//                .formLogin()
//                //指定登录页的路径
//                .loginPage("/logintest.html")
//                .loginProcessingUrl("/login.do") // 自定义的登录接口
//                //必须允许所有用户访问我们的登录页（例如未验证的用户，否则验证流程就会进入死循环）
//                //这个formLogin().permitAll()方法允许所有用户基于表单登录访问/login这个page。
//                //.permitAll()
//                .and()
//                .authorizeRequests()
//                .antMatchers("/logintest.html").permitAll()  //允许所有用户访问"index.html"其他地址的访问均需验证权限
//                .anyRequest()
//                .authenticated()
//                .and()
//                .csrf().disable(); // csrf 跨域;
//
//    }
//    @Override
//    public void configure(WebSecurity web) throws Exception {
//        web.ignoring().antMatchers("/css/**","/img/**","/js/**","/layui/**");
//    }
//}
